Last revised: November 2020
The Luxembourg Institute of Science and Technology (hereafter “LIST”, “We”) is committed to ensure the highest standards of data protection in compliance with the applicable legislation, notably with reference to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereafter “GDPR”).
The present document aims at illustrating what personal data we collect about you, the reason why LIST uses your data and, as the case may be, share your data and the applicable retention periods. Additionally, the notice also provides you with information regarding your rights, how to exercise them and whom you can contact in case of any query.
The present notice is directed to participants (hereafter the “Participant”) registering for LIST’s events (including public lectures and conferences, demonstrations, competitions, tours of the LIST's facilities, and online events such as webinars - hereafter “Event”).
The data controller is LIST, having its registered office at 5, Avenue des Hauts-Fourneaux L-4362 Esch-sur-Alzette, Luxembourg.
LIST is responsible for collecting and processing your personal data in relation with your participation to LIST’s activities.
Our contact details are set out in Section 10 (“Your rights and how to exercise them”) below
LIST may collect personal data from the following sources:
You can subscribe to LIST’s Events either through LIST’s corporate website or during LIST’s Events.
The categories of personal data that we collect about you may vary depending on the type of Event.
Please find here below a detailed list of personal data we may collect and process. Those may at times include:
Please find here below a list of the purposes for which LIST collects and processes your personal data:
Please find here below a list of the legal basis on whose grounds LIST collects and processes your personal data:
The purposes and legal basis of our processing activities may vary based on the type of Event.
In order to fulfil the purposes mentioned in Section 5 (“Purposes and legal basis for processing”), LIST may transfer your personal data to:
In case of disclosure of your personal data to the aforementioned external subjects, LIST shall take appropriate steps to ensure that third parties will apply adequate protection to this data as required by the applicable data protection legislation.
Some of the mentioned recipients of your personal data (such as GoToWebinar, our webinar service provider) may be located in countries outside the European Union or the European Economic Area (EU/EEA). In such cases, transfers to a county outside EU/EEA may take place when the European Commission has decided that the third country ensures an adequate level of protection.
In the absence of such adequacy decision, LIST will only proceed to such transfer after having implemented appropriate safeguards to protect your personal data (such as the use of standard contractual clauses adopted by the European Commission) or where a derogation established by art. 49 of the GDPR exists (such as your explicit and informed consent).
For online payments, personal data is sent using an encryption process. The online payment system is guaranteed by SIX Payment Services (Europe) S.A. Transactional data (such as the card number) does not pass through the LIST website and in no cases is it saved there. Please refer to SIX Payment’s conditions: www.six-payment-services.com/fr/services/legal/privacy-statement.html.
Further information about the mentioned transfers and the safeguard measures applied by LIST can be obtained by contacting us at firstname.lastname@example.org.
In compliance with the applicable data protection legislation, LIST has put in place appropriate technical and organisational measures in order to prevent or act upon any unauthorised and unlawful processing or disclosure, accidental loss, modification or destruction of personal data. These measures are implemented based on the current state of art, an evaluation of the risks derived by the processing activity and the need to protect personal data. Such technical and organisation measures are regularly updated and/or adjusted to new technical developments or any organisational change that may affect LIST.
LIST will only retain your personal for a period of time that is strictly necessary for the purposes for which we collect your data, without prejudice to LIST to keep them for a longer duration for legal and/or regulatory obligations applying to LIST or due to exceptional situations that would justify them being kept longer (judicial procedure, etc.).
With regards to your personal data collected and processed by LIST, you may exercise at any time the following rights:
You may exercise any of these rights by contacting our Data Protection Officer (DPO):
Please be aware that LIST website may contain links to other websites, that are not governed by this privacy notice. We encourage users to review the privacy notice of each website before disclosing any personal data.
LIST may make changes to this privacy notice from time to time, to reflect our current privacy practices or to comply with changes in the applicable data protection legislation. LIST encourages you to regularly visit this page in order to remain informed on our data protection policies.